Origin 'http://app.forestadmin.com' has been blocked by CORS policy

Expected behavior

Access to my project in local to develop the project.
I am doing the migration to the V7

Actual behavior

I have a problem with CORS origin.

Failure Logs

        origin: process.env.CORS_ORIGINS,
        maxAge: 86400, // NOTICE: 1 day
        credentials: true,

My error :

Access to fetch at 'http://localhost:3310/forest' from origin 'http://app.forestadmin.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
GET http://localhost:3310/forest net::ERR_FAILED


Please provide any relevant information about your setup.

  • Package Version:
    node 12.19
  • Express Version: 4.17.1
  • Sequelize Version: 5.15.1
  • Database Dialect: mysql
  • Forest-express-sequelize: 7.0.0

Hi @Bastien_Blanc !
You need to follow the Upgrade to v7 - Documentation.
There is a specific part about CORS configuration :wink:

Thanks Nicolas,
I missed this part !

Now, I have another problem.

I have this error now, can you help me ?

UnauthorizedError: invalid algorithm
        secret: process.env.FOREST_AUTH_SECRET,
        credentialsRequired: false,
        algorithms: ['RS256'],

Hello @Bastien_Blanc,

The algorithm you configured is not correct. You set the value to RS256 and the correct value is HS256.

The first one is an algorithm based on a private and public keys pair.

The second one is based on a secret that is only known by the issuer of the token.

Thanks @GuillaumeGautreau !

I managed the authentication on my development environment, but now I have this error:

[forest] ���  undefined
ForbiddenError: Forbidden
    at _callee$ (...\node_modules\forest-express\dist\middlewares\permissions.js:113:24)
    at tryCatch (...\node_modules\regenerator-runtime\runtime.js:63:40)

Do you have any idea, why I have this ?

Hello, can you explain when this error occurs? Is it on startup? Is it when you try to access a route?


I have this error when I try to access to the details of an object.

Can you check that your collection is allowing to access details of objects?

On which collection do you have the issue?